b2kris

asked on

Cisco ASA to Cent OS 5 ipsec tunnel ip forwarding / sharing

I have a Windows server that I want to run a bunch of custom services on and share with several IPs via different Linux boxes from an outside vendor.

I'm trying to get the first setup complete so I can test, so I only need 1 case, but this solution will have to work with multiple outside Linux servers and the same Windows inside server.

So my Windows server has several IPs; I'm going to use 2 for this example.

Windows Server - 10.3.0.20 and 10.3.0.21
There is an ASA 5505 with an inside IP of 10.3.0.1 and an outside IP of 50.x.x.1

Then I have a CentOS 5 box with a single private IP of 10.4.23.82 on eth0 and public IPs of 69.x.x.1 and 69.x.x.2 on eth1

iptables is installed but stopped. Openswan is installed and I have a tunnel up between the ASA and the CentOS box.

ipsec service status shows 1 tunnels up

That's as far as I got.

What I would like to do is make it so when a user comes to 69.x.x.1 it is forwarded to 10.3.0.20, and 69.x.x.2 goes to 10.3.0.21,
and vice versa: when a connection is established on 10.3.0.20 I want it to route out through 69.x.x.1, and 10.3.0.21 to route out through 69.x.x.2.

I don't want the outside world to know about the 50.x.x.1 network.

The question is how I can configure this so that this is possible, keeping in mind that someday I'll want this to work and then go get another outside Linux box and have a new IP of 70.x.x.1 go to 10.3.1.20, etc.

Thanks
b2kris (ASKER) added:
I forgot to mention that for each 1-to-1 mapping there will only be 1 port used. For example:

69.x.x.1 going to 10.3.0.20 would be only tcp 80
69.x.x.2 going to 10.3.0.21 would be only tcp 443
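The rules below are an added example for readers of this thread; they are not from the question, the asker, or the accepted (members-only) answer. They generate, for each line of a "public IP, private host, protocol, port" table, the iptables and sysctl commands a CentOS 5 gateway needs for the 1:1 mappings described above: DNAT of the published port to the Windows host, SNAT of everything the Windows host originates so it leaves as its public address (so 50.x.x.1 is never visible), and a default-deny FORWARD policy that admits only the one published port inbound. The interface name eth1, the private address 10.4.23.82 and the mapping table itself are assumptions taken from the question. The generator only prints commands; review the output and pipe it into sh on the gateway to apply it.

```shell
#!/bin/sh
# Added example (not from the thread): print the iptables/sysctl commands for
# 1:1 "public IP:port -> private host" mappings across the Openswan tunnel.
# Assumptions from the question: public addresses live on eth1, the CentOS
# private address is 10.4.23.82, and the IPsec selector is 10.4.23.82 <-> 10.3.0.0/24.
# Usage on the gateway, after reviewing the output:   sh gen_nat.sh | sh

PUB_IF=eth1          # interface holding 69.x.x.1 / 69.x.x.2 (assumed)
TUN_SRC=10.4.23.82   # CentOS private address; left end of the tunnel selector (assumed)

# One mapping per line: public_ip private_ip proto port (constructed from the question)
MAPPINGS='69.x.x.1 10.3.0.20 tcp 80
69.x.x.2 10.3.0.21 tcp 443'

# gen_rules PUBLIC PRIVATE PROTO PORT -> prints the rules for one mapping
gen_rules() {
    pub=$1
    priv=$2
    proto=$3
    port=$4
    # Inbound: client -> PUBLIC:PORT is rewritten to client -> PRIVATE:PORT.
    echo "iptables -t nat -A PREROUTING -i $PUB_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $priv:$port"
    # Hide the Internet client behind the gateway's private address so the packet
    # matches the 10.4.23.82 <-> 10.3.0.0/24 selector and is actually sent through
    # the tunnel. Cost: the Windows host logs 10.4.23.82 instead of the real client.
    echo "iptables -t nat -A POSTROUTING -d $priv -p $proto --dport $port -j SNAT --to-source $TUN_SRC"
    # Outbound: anything the private host originates leaves PUB_IF as PUBLIC.
    # Replies to the DNATed flows are un-NATed by conntrack and need no rule.
    echo "iptables -t nat -A POSTROUTING -o $PUB_IF -s $priv -j SNAT --to-source $pub"
    # Forwarding policy: only the one published port may open a connection to the
    # private host; everything else must already be established. No -i/-o here so
    # the rules behave the same under NETKEY (no ipsec0 device) and KLIPS.
    echo "iptables -A FORWARD -d $priv -p $proto --dport $port -m state --state NEW -j ACCEPT"
    echo "iptables -A FORWARD -s $priv -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -d $priv -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# gen_all -> enable forwarding, default-deny FORWARD, then every mapping in MAPPINGS
gen_all() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -P FORWARD DROP"
    echo "$MAPPINGS" | while read -r pub priv proto port; do
        if [ -n "$pub" ]; then
            gen_rules "$pub" "$priv" "$proto" "$port"
        fi
    done
}

# count_rules -> number of command lines gen_all emits (2 + 6 per mapping)
count_rules() {
    gen_all | wc -l | tr -d ' '
}

gen_all
```

Adding the 70.x.x.1 -> 10.3.1.20 case later is one more line in MAPPINGS. Two things to check before relying on this: the inbound SNAT to 10.4.23.82 is what makes a client's packet fit the tunnel selector, so if you drop it to preserve client addresses you must widen the ASA's crypto ACL and the Openswan leftsubnet to cover the Internet side instead; and connections the Windows host originates only reach the CentOS box if the ASA side routes that host's traffic into the tunnel, which is an ASA/Openswan selector question rather than an iptables one.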
ASKER CERTIFIED SOLUTION
David Akinsanya
This solution is only available to members of Experts Exchange.